This chapter is from the book
Auditing Your Security Infrastructure
After all the previous items discussed in this chapter have been performed, the organization’s security-management practices will need to be evaluated periodically. This comes in the form of an audit process. This is the only way you can verify that the controls put is place are working, that the policies that were written are being followed, and that the training provided to the employees actually works. The audit process can also be used to verify that each individual’s responsibility is clearly defined. Employees should know their amount of accountability and what is considered their assigned duties.